The plugin used the TimelineJS library < 3.7.0 which is affected by a stored Cross-Site Scripting issues if an attacker has write privileges on the source data used for the timeline which is stored on Google Sheets or in a JSON configuration file.
CPE | Name | Operator | Version |
---|---|---|---|
knight-lab-timelinejs | lt | 3.7.0.0 |